Public Key Destruction and Distribution
Public Key Destruction
In many cases, cryptographic keys remain valuable long after they leave service. An attacker might record all the ciphertext encrypted under a key and hold it for a long period. If the key becomes available later, all the saved ciphertext can be decrypted easily. Here are some suggestions for destroying keys when they are no longer needed.
- Keys stored in memory—Zero immediately after use.
- Keys stored on disk—Overwrite multiple times with 0s, 1s, alternating patterns, and random patterns. It turns out that it is possible to analyze “erased” magnetic media several layers deep, so this process must be especially thorough.
- Keys stored on paper—Burn or shred with a confetti shredder, not a strip shredder.
- Keys stored on backup tapes—If you must keep backup tapes of keys, keep them on segregated tapes that contain no other vital information. Then they can be easily destroyed when they are no longer needed.
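The first two items, as an added example that is not part of the original article: a mutable key buffer is zeroed in place, and a key file is overwritten with each pattern in turn before deletion. The function names and the exact pass order are assumptions made for illustration.

```python
import os
import secrets

# Passes from the list above: 0s, 1s, alternating bit patterns, then random.
PATTERNS = (b"\x00", b"\xff", b"\xaa", b"\x55", None)  # None = random pass


def wipe_buffer(key: bytearray) -> None:
    """Zero a key in place. Only mutable buffers can be wiped; immutable
    bytes/str copies of the key stay in memory until the runtime frees them."""
    for i in range(len(key)):
        key[i] = 0


def overwrite_file(path: str, delete: bool = True) -> int:
    """Overwrite a key file in place, one pass per pattern; return pass count.

    Caveat: flash wear-levelling, copy-on-write and journaling filesystems can
    keep old blocks out of reach of an in-place overwrite.
    """
    size = os.path.getsize(path)
    fd = os.open(path, os.O_WRONLY)  # no O_TRUNC: overwrite, do not recreate
    try:
        for pattern in PATTERNS:
            data = secrets.token_bytes(size) if pattern is None else pattern * size
            os.lseek(fd, 0, os.SEEK_SET)
            written = 0
            while written < size:
                written += os.write(fd, data[written:])
            os.fsync(fd)  # force this pass to the device before the next
    finally:
        os.close(fd)
    if delete:
        os.remove(path)
    return len(PATTERNS)


if __name__ == "__main__":
    import tempfile
    fd, path = tempfile.mkstemp()
    os.write(fd, secrets.token_bytes(32))  # constructed sample key file
    os.close(fd)
    print("passes:", overwrite_file(path))
```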
Public Key Distribution
Sometimes keys do not need to be distributed. For example, when cryptography is used to encrypt files on the disk of a personal computer, there is no need to distribute the key to anyone. For communications security, however, two or more persons, located at some distance from one another, must exchange keys. When two people are involved, the situation is fraught with peril. When a whole network of keys must be distributed, the situation gets complicated.
There are several methods of sharing a key between two people.
- Meet in person.
This procedure is the simplest to understand, but it doesn’t scale well to thousands of people, and it is expensive. An entire set of keys can be exchanged in advance in this way, but then they must all be stored securely.
- Send the key by courier.
The essential problem is whether or not to trust the courier. One can split the key and send the parts by different routes, but this adds to the expense. This method also does not scale well.
- Use a master key, also known as a key-exchange key, to encrypt session keys.
This is a time-tested method, especially if the key-exchange keys are stored in protected hardware.
- Use public-key cryptography or a key-exchange protocol.
These schemes permit the secure exchange of keys with someone, but with whom? The problem is translated from privacy to authentication. For public-key systems, the usual solution is to use certificates. For key-exchange protocols, common solutions include both digital signatures and out-of-band confirmations, such as telephone calls. It is particularly important to guard against man-in-the-middle attacks, in which an attacker impersonates each party with respect to the other.
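One way to split a key across courier routes, as mentioned in the courier item above (an added example, not from the original article): every route carries a share, and all shares must be XORed together to rebuild the key, so any smaller set of couriers learns nothing. The function names and the short check value, which the two ends can compare over a separate channel to detect a share altered in transit, are assumptions made for illustration.

```python
import hashlib
import secrets


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, routes: int) -> list[bytes]:
    """Return one share per route; every share is needed to rebuild the key."""
    if routes < 2:
        raise ValueError("need at least two routes")
    # All but the last share are fresh random pads the same length as the key.
    shares = [secrets.token_bytes(len(key)) for _ in range(routes - 1)]
    last = key
    for pad in shares:
        last = _xor(last, pad)  # last share = key XOR pad1 XOR pad2 ...
    return shares + [last]


def join_key(shares: list[bytes]) -> bytes:
    """XOR all shares together; a missing share yields random-looking bytes."""
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares must all have the same length")
    key = bytes(len(shares[0]))
    for share in shares:
        key = _xor(key, share)
    return key


def check_value(key: bytes) -> str:
    """Short digest both ends can compare out of band. XOR shares are
    malleable, so splitting protects secrecy but not integrity."""
    return hashlib.sha256(b"key-check" + key).hexdigest()[:16]


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    shares = split_key(key, 3)
    rebuilt = join_key(shares)
    print("match:", check_value(rebuilt) == check_value(key))
```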
When more than two parties must communicate, pairwise key exchange quickly becomes unmanageable. In such cases, it is common to use either a key-distribution center (KDC) or public-key certificates.
A KDC is a central, trusted authority that shares a separate master key with each member of the network. When two parties want to communicate, they use a session key provided by the KDC. The KDC may distribute the pairwise session keys in batch, or it can operate in real time to create keys as the need arises. The Kerberos system, originally developed at MIT, uses this basic scheme. A KDC-based system can be constructed entirely with symmetric cryptography.
When public-key systems are used, the usual technique is to create an infrastructure of public-key certificates. As mentioned previously, a certificate binds a public key to a name by having a trusted third party (the certificate authority) sign the certificate. These certificates can be freely published and exchanged over open communications channels. Parties wanting to communicate use the public key from the certificate of their chosen correspondent to encrypt a session key.
Both of these schemes require a central authority of some sort. Either an online KDC creates keys as needed, or an offline KDC distributes keys, or an offline authority certifies public keys. The trade-offs are in the details. Is a reliable online service required? How are keys revoked if they are lost or stolen? Does the KDC have the ability to read all messages? Is it trusted not to do so? The public-key systems seem to be the most powerful when two parties with no prior relationship want to communicate, provided that each is willing to trust a third party to authenticate the other.
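The KDC scheme described above, as an added example that is not part of the original article: each member shares one master key with the KDC, and a session key reaches both parties sealed under their own master keys. The class and function names are hypothetical, and the HMAC-SHA256 sealing is a standard-library stand-in for a real authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

# Stand-in sealing built from HMAC-SHA256 so the example needs no extra library.
def _subkeys(master: bytes, nonce: bytes):
    pad = hmac.new(master, b"enc" + nonce, hashlib.sha256).digest()
    mac = hmac.new(master, b"mac" + nonce, hashlib.sha256).digest()
    return pad, mac

def seal(master: bytes, peer: str, session_key: bytes) -> bytes:
    """Ticket = nonce || encrypted 32-byte session key || tag over peer name."""
    if len(session_key) != 32:
        raise ValueError("session key must be 32 bytes")
    nonce = secrets.token_bytes(16)
    pad, mac_key = _subkeys(master, nonce)
    ct = bytes(a ^ b for a, b in zip(session_key, pad))
    tag = hmac.new(mac_key, peer.encode() + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(master: bytes, peer: str, ticket: bytes) -> bytes:
    """Verify the tag first; a wrong master key or peer name is rejected."""
    nonce, ct, tag = ticket[:16], ticket[16:48], ticket[48:]
    pad, mac_key = _subkeys(master, nonce)
    want = hmac.new(mac_key, peer.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("ticket rejected")
    return bytes(a ^ b for a, b in zip(ct, pad))

class KDC:
    def __init__(self):
        self.master = {}   # one master key per enrolled member
        self.issued = []   # every session key passes through the KDC

    def enroll(self, name: str) -> bytes:
        self.master[name] = secrets.token_bytes(32)
        return self.master[name]  # handed to the member out of band

    def session(self, a: str, b: str):
        key = secrets.token_bytes(32)
        self.issued.append((a, b, key))
        return seal(self.master[a], b, key), seal(self.master[b], a, key)

if __name__ == "__main__":
    kdc = KDC()
    ka, kb = kdc.enroll("alice"), kdc.enroll("bob")  # constructed members
    ta, tb = kdc.session("alice", "bob")
    print("same key:", unseal(ka, "bob", ta) == unseal(kb, "alice", tb))
```

The `issued` list makes one trade-off visible: the KDC holds every session key it hands out, so it is able to read the traffic those keys protect.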